[wp-hackers] add_magic_quotes() Plans for removal?

Chip Bennett chip at chipbennett.net
Mon Mar 7 15:51:06 UTC 2011

Are core decisions normally made based on how they will impact Plugins -
Plugins which are *not maintained by core*?

I don't have a particular preference on this issue; I just found your
response to be both interesting, and unexpected.

I hope - and assume - that the core team generally make decisions based
primarily on what is best for the core project, and for the community as a
whole. Generally speaking, I would likewise assume that Plugin developers
are expected to make appropriate modifications when core makes a change such
as the one discussed below.

(And isn't implementation of such changes exactly why the
function-deprecation process exists?)


On Mon, Mar 7, 2011 at 9:25 AM, Peter Westwood <peter.westwood at ftwr.co.uk>wrote:

> On 7 Mar 2011, at 14:58, Kevin Newman wrote:
> > I recently wrestled with the same problem. I checked the php setting
> (get_ini), and failed to understand why everything is still escaped, even
> when the php.ini setting shows it was clearly disabled (until I found the
> actual function that does it, and some really really old forum posts).
> >
> > Suggested fixes:
> >
> > 1. When you re-escape everything, also set the magic quotes ini setting.
> If setting the php.ini flag doesn't get reflected in get_ini, at least add a
> WP function to check whether this is disabled (or add it to some document
> somewhere).
> >
> > 2. Add a wp-config setting that simply turns off the WP
> auto-magic-quotes.
> >
> > I understand why it was done, and why there has been no effort to change
> it, but if PHP core can go through the pain, surely WordPress can handle the
> change too.
> >
> As has been said in response to previous threads on this subject.
> We would love to remove this code but we can't without opening up numerous
> possible security issues in plugins which unfortunately rely on it.
> If you want to go through and review every plugin in the plugin repo.
> Create patches and get them accepted by the plugin authors.
> Then we can consider removing this code. Until then it is not a good idea.
> Cheers
> --
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list